Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for service identity on azurerm_search_service #7657

Closed
jjl109 opened this issue Jul 9, 2020 · 2 comments · Fixed by #8907
Closed

Support for service identity on azurerm_search_service #7657

jjl109 opened this issue Jul 9, 2020 · 2 comments · Fixed by #8907
Labels
enhancement good first issue service/search
Milestone
v2.33.0

Comments

@jjl109
Copy link

jjl109 commented Jul 9, 2020

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Azure Cognitive Search supports enabling a service identity in order to authenticate with Key Vault to obtain customer-managed keys, as documented here: https://docs.microsoft.com/en-us/azure/search/search-security-manage-encryption-keys#3---create-a-service-identity

It should be possible to enable this service identity when creating an Azure Search service using Terraform.

The object_id of the identity should be exported as an output, so that it can be used to configure an Access Policy on a Key Vault in order to grant the Search Service identity access to the key, as explained here: https://docs.microsoft.com/en-us/azure/search/search-security-manage-encryption-keys#4---grant-key-access-permissions

This appears to be available in the SDK here: https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/vendor/github.com/Azure/azure-sdk-for-go/services/search/mgmt/2015-08-19/search/models.go#L68

New or Affected Resource(s)

  • azurerm_search_service

Potential Terraform Configuration

Probably this should work the same way as the identity block for a virtual machine, and exported in the same way.

References

  • #0000
@mbfrahry mbfrahry mentioned this issue Oct 15, 2020
Merged
@mbfrahry mbfrahry added this to the v2.33.0 milestone Oct 15, 2020
@ghost
Copy link

ghost commented Oct 22, 2020

This has been released in version 2.33.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.33.0"
}
# ... other configuration ...

@ghost
Copy link

ghost commented Nov 15, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Nov 15, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement good first issue service/search
Projects
None yet
Milestone
v2.33.0
Development

Successfully merging a pull request may close this issue.

azurerm_search_service - add support for identity hashicorp/terraform-provider-azurerm
4 participants
@tombuildsstuff @jjl109 @mbfrahry @mybayern1974